Looking for volunteers to help us maintain the blocklist. Things like writing Perl programs (Cygwin compatible) to compare the blocklist to Google’s Safe Browsing database, etc. No compensation except authorship credit, as well as knowing that your work will help in the never-ending fight against malware.

If you consider this blocklist useful, please consider donating money or sponsoring the list.

“…we present preliminary results from on-going experiments we are conducting to track the lifetime of malicious domains. Studying the lifecycles of malicious domain names will provide insight into the many classes of criminal networks that depend on DNS, and inspire the development of new, more effective countermeasures.”

Some highlights:

the number of resurrected domains gravitates around 200 every day, revealing a number of domains that are intermittently inactive, which could potentially be an evasion mechanism or a correlating characteristic of instability

Contrary to our intuition … many of the [malicious] domains are long-lived and more domains are being introduced than are dying.

We’ve noticed and tracked many of the “immortal” malware domains but haven’t done any research into “resurrected”, or intermittently inactive/active domains. Hmmm

Again, we encourage research using our blocklists and have set up a mirror dedicated to open source projects and scholarly research. All we ask is that you let us know about such research.

After some maintenance downtime, the Suspicious Domains lists at https://isc.sans.edu/tools/suspicious_domains.html have been re-launched. This project was developed by handler Jason Lam and is an effort to assemble weighted lists of suspicious domains based on tracking, malware and other sources.

mirror2.malwaredmains.com is temporarily down; we will update you once it is back up. In the meantime, please use one of the other mirrors or contact us for details regarding the mirror handling only compressed files.